Archive for the ‘ Books ’ Category

Book review: The Art of Deception

The Art of Deception is a book by Kevin Mitnick that covers the art of social engineering. Part of the book is composed of real stories, and examples of how social engineering can be combined with hacking.

Wikipedia

This is a recommended read. It will not teach you how to execute social engineering attacks. It will teach you what the attacks vectors are, what they’re after, what needs to be protected and why someone want’s to use social engineering. The book is well written and informative.

This book brought my attention to another part of security, namely the human element. I would most probably have fallen for an attack if I hadn’t read this book. That’s a fact.

While reading this book, I realized that I had been naive. I got a good look on how other humans are willing to exploit the good in people for their own purposes.

I have some criticism to share.

After a few chapters into the book it starts feeling like you’re reading the same thing over and over again. You’ve got idea on what’s it’s all about and you really don’t need any more information than that. I think the book’s volume could at least be cut in half and it would still serve it’s purpose well.

It’s somewhat of a pain to read but at the same time an absolute must for anyone that’s into computer security . I don’t know whether this book is one of the best or worst, let me know if you have read any else social engineering books that you can recommend.

With social engineering you can bypass the best of firewalls with some deception and social skills. It’s not enough with technical security, you need to firewall your mind as well.

Recommended book: The Cuckoo’s Egg

After reading a review of The Cockoo’s Egg by Cliff Stoll on taosecurity.blogspot.com. I just had to check it out. I bought that book and a social engineering book by Kevin Mitnick called The Art of Deception.

The Cockoo’s Egg is based on a true story. It was technically accurate and exciting. I liked the book, never read anything like it and I’m now looking for more books in this genré. Be it fictional or not, I want more.

Here’s a summary of the book that I snatched from some savvy website:

Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized users on his system. The hacker’s code name was “Hunter”– a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy– and plunging into an incredible international probe that finally gained the attention of top U.S. counter-intelligence agents. The Cuckoo’s Egg is his wild and suspenseful true story– a year of deception, broken codes, satellites, missile bases and the ultimate sting operation– and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB.

Review on the Art of Deception is coming up shortly.